Course: Cyber Security

Password Managers

For years, writing down passwords has been deemed a bad practice, but is it truly? Using the same password across multiple services poses significant risks; if one platform is hacked, the compromised password can be reused on others. To mitigate this, users are advised against password reuse, which complicates the challenge of creating strong, unique passwords for each service. A password manager addresses this issue by securely storing passwords, making them easily accessible while ensuring they remain strong and unique. When implemented effectively, a password manager can:

  • Enhance online security for users.
  • Boost productivity by allowing easy access to passwords, enabling quick copying and pasting into various services.
  • Provide convenient options for resetting and generating new passwords as necessary.

Recording passwords in a manager is viewed as a significantly lower risk for users than reusing them. The method is not foolproof, since the password manager itself could be compromised, but it is generally regarded as the safer alternative.

Passwordless Solutions

What if we could eliminate passwords altogether? Some users might struggle to enter a long passphrase daily for various reasons, such as:

  • Non-technical office workers
  • Doctors who frequently access different computers in various patient rooms
  • Difficulty typing on certain systems

The development of passwordless authentication methods is progressing quickly. Instead of requiring a password, we could enable users to authenticate using:

  • Something they are, like their face or fingerprint
  • Something they have, such as a token or mobile device

While there are challenges associated with these methods, it’s important to consider whether they truly improve security for users. We should remember that perfect security is often unattainable; our goal is to balance reducing threats with enhancing user convenience. Both traditional passwords and passwordless solutions have their drawbacks—what approach will you choose for your users?

Multi-Factor Authentication

Regardless of the verification method used, significant account risks persist. Implementing Multi-Factor Authentication (MFA) can help mitigate these risks by requiring users to verify their identity not only with a password but also through a second factor.

(Figure: multi-factor authentication)

There are several methods to request a second factor for authentication, including:

  • Using an authentication app on a smartphone to generate a secret code.
  • Receiving a secret code via SMS (Short Message Service) on a mobile phone.
  • Utilizing a hardware token to supply a secret code.
  • Presenting a fingerprint or facial recognition for identification.

All of these methods require not only knowledge of a password but also the provision of a second factor. Such solutions can feel invasive to users, so the concept of Discretionary Access Control (DAC) can be employed. DAC enables the login system to determine when to prompt a user for multi-factor authentication, such as when they:

  • Log in from a new location.
  • Use a different browser or application.
  • Attempt sensitive actions, like changing their password or executing a large transaction.